The Hacker News — Cyber Security, Hacking, Technology News

In the war against ad injectors, Google has started removing ad-injecting extensions from its Chrome browser after it discovered as many as 200 Chrome extensions that exposed millions of its users to malicious software and fraudulent activities.

While working with a team of researchers from the University of California, Berkeley, the search engine giant found that over 5 percent of its users were infected with 'Ad Injectors', software that inserts ads into, or replaces existing ads on, the pages you visit while browsing the web.

In the last three months, Google received more than 100,000 complaints from its Chrome users about ad injection, which is far more than what the company receives for network errors, performance problems, or any other issue.

Ad injectors are sometimes more than just intrusive. A visitor to a website can be tricked into downloading unwanted software and programs that could pose a major security risk, as happened in the recent Superfish incident.

WHAT GOOGLE FOUND?

While conducting the research, the researchers examined more than 100 million page views of Google websites across Chrome, Firefox, and Internet Explorer (IE) on different operating systems globally, and here's what they found:

Ad injectors are not an issue with only the Windows operating system. They are present on all operating systems, including Mac, and affect all web browsers, including Chrome, Firefox, and IE.

More than 5 percent of users visiting Google websites are infected by at least one ad injector. Within the group, half of the users have at least two injectors installed, and almost one-third have at least four.

However, the search engine giant has since disabled those fraudulent Chrome extensions. Google is also refining the techniques it used to catch these kinds of deceptive extensions so that it can scan all new and updated extensions.

In addition, the company is also making changes to its AdWords policies in order to prevent advertisers from offering users shady downloads.

"We [are] constantly working to improve our product policies to protect people online," software engineer Nav Jagpal of Google wrote in a blog post. "We encourage others to do the same. We [are] committed to continuing to improve this experience for Google and the Web as a whole."

However, users also need to be careful about what they download and install on their computers and how they manage the security of their systems, because, in the end, it is only you who needs to take care of your security.

The age of surveillance has made the use of encryption so widespread that it has become a need for law enforcement agencies, cyber criminals, and every individual alike. But encryption is not so easy.

To solve this problem, 23-year-old Cryptocat developer Nadim Kobeissi is ready to release a simple solution for strong encryption at the HOPE hacker conference in New York later this month; it may soon be available as an extension for the Google Chrome web browser, Wired reported.

The encryption program is dubbed miniLock, a free and open-source browser plugin designed to let anyone encrypt and decrypt files in seconds using a drag-and-drop interface with practically unbreakable cryptographic protection.

“The tagline is that this is file encryption that does more with less,” says Kobeissi, activist and security consultant. “It’s super simple, approachable, and it’s almost impossible to be confused using it.”

The drag-and-drop interface means that miniLock offers an area where files can be dropped into the program for encryption; it encrypts the data in such a manner that nobody except the recipient, not even law enforcement units or government intelligence agencies, would be able to decrypt and read it.

miniLock works with all types of files, from multimedia to documents and even items stored on a USB drive, and can encrypt files for secure storage on Dropbox or Google Drive.

miniLock relies on asymmetric encryption, just like PGP (Pretty Good Privacy), which requires two separate cryptographic keys, a public key and a private key, for encrypting and decrypting information. Users share the public key with anyone who wants to send them files securely, while the private key stays with the user, protected and concealed.

With miniLock, however, the user enters a passphrase (a strong one, with as many as 30 characters or a lot of symbols and numbers) from which the program derives a public key, called a miniLock ID, and a private key, which is never seen by the user and vanishes when the program is closed. The same two keys are generated every time the user enters the passphrase.

This trick of regenerating the same keys in every session makes the application usable on any computer without worrying about the safety of storing the sensitive private key.

Additionally, the automatic generation and management of the public and private keys is exactly what makes the miniLock program easy to use, even for an average user who wants a simple yet secure way to protect their information when sending it over the web.

“No logins, and no private keys to manage. Both are eliminated. That’s what’s special,” says Kobeissi. “Users can have their identity for sending and receiving files on any computer that has miniLock installed, without needing to have an account like a web service does, and without needing to manage key files like PGP.”

This is why the protection the program provides cannot be descrambled even by law enforcement and government intelligence agencies, which makes it one of the most secure kinds of encryption program.

Because miniLock uses an elliptic curve cryptography flavour of encryption, miniLock IDs are 44 characters long, while PGP’s public keys often fill almost a page with random text. This small key size makes sharing possible through different communication channels, such as a Twitter post or even a phone SMS message.
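
The passphrase-to-key-pair derivation and the short ID described above can be sketched as follows. This is an added example, not miniLock's code: the use of scrypt, Curve25519 (X25519), Base58, the salt value and the function names are assumptions of the sketch, chosen because a 32-byte public key in Base58 comes to at most 44 characters.

```javascript
// Added example, not miniLock's code. The scrypt parameters and the salt value
// are assumptions; the article does not describe miniLock's actual derivation.
const nodeCrypto = require('crypto');

// Fixed PKCS#8 DER header that precedes a raw 32-byte X25519 private key.
const PKCS8_X25519 = Buffer.from('302e020100300506032b656e04220420', 'hex');
const SPKI_HEADER_LEN = 12; // the SPKI export is a 12-byte header + 32-byte key
const B58 = '123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz';

// Base58 (Bitcoin alphabet): big-endian number, leading zero bytes become '1'.
function base58(buf) {
  let n = buf.length ? BigInt('0x' + buf.toString('hex')) : 0n;
  let out = '';
  while (n > 0n) {
    out = B58[Number(n % 58n)] + out;
    n /= 58n;
  }
  for (const byte of buf) {
    if (byte !== 0) break;
    out = '1' + out;
  }
  return out;
}

// Same passphrase and salt always give the same key pair, so nothing is stored.
function deriveKeyPair(passphrase, salt) {
  // Memory-hard hash: the passphrase is the only secret, so each guess must be costly.
  const seed = nodeCrypto.scryptSync(passphrase.normalize('NFKC'), salt, 32,
    { N: 16384, r: 8, p: 1 });
  const privateKey = nodeCrypto.createPrivateKey({
    key: Buffer.concat([PKCS8_X25519, seed]), format: 'der', type: 'pkcs8',
  });
  const spki = nodeCrypto.createPublicKey(privateKey)
    .export({ format: 'der', type: 'spki' });
  const publicKey = spki.subarray(SPKI_HEADER_LEN);
  return { privateKey, publicKey, id: base58(publicKey) };
}

// Constructed sample input: the printed ID is safe to share, the passphrase is not.
const sample = deriveKeyPair('constructed sample passphrase of decent length',
  'alice@example.test');
console.log(sample.id, sample.id.length);
```

Because the private key is a pure function of the passphrase, the passphrase's strength is the whole of the key's strength, which is why the slow hash and the long-passphrase requirement matter.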

The full technical explanation of miniLock’s elliptic curve will be presented by Kobeissi at the HOPE conference in New York, starting July 18. He will present a beta version of the miniLock program at the New York conference, as the encryption program he proposes is currently in its experimental stage of development.

miniLock won't initially be released as an extension for the Google Chrome web browser; instead, the code will soon be available for review on GitHub, so that flaws and loopholes are eliminated before the tool is released in the Chrome Web Store.

Although the number of malicious browser extensions has increased significantly in the past years, a new Google Chrome extension is allegedly targeting cryptocurrency users and is capable of silently stealing Bitcoins and other crypto coins.

The malicious Chrome browser extension, dubbed ‘Cryptsy Dogecoin (DOGE) Live Ticker’, is available on the Chrome Web Store as a free download and was developed by the "TheTrollBox" account. A Reddit user noticed that the updated version of the extension contains malicious code designed to hijack cryptocurrency transactions.

HOW CHROME EXTENSION STEALS CRYPTOCURRENCY

Crypto-related extensions of this kind are obviously downloaded only by users who deal with digital currency. Once the user has installed the malicious extension, the software within the extension starts monitoring the user's web activity and watches for visits to cryptocurrency exchange sites such as Coinbase and MintPal.

After detecting that the user is performing a transaction in digital coins, the malicious extension replaces the receiving address, to which the user is trying to transfer cryptocurrency, with a different BTC address of its own (the attacker's Bitcoin address).

The same happened to a Reddit user, who was alerted to this activity by a withdrawal confirmation from the cryptocurrency exchange MintPal. He then posted a warning about the rogue extension on Reddit, advising all to “Be careful of what you install on your devices you use to access your wallets.”

OTHER CHROME EXTENSIONS FROM SAME DEVELOPER

TheTrollBox, the developer of the malicious 'Cryptsy Dogecoin (DOGE) Live Ticker' Chrome extension, has also developed 21 more similar extensions, which are currently available on the Google Chrome Store. These Chrome extensions could also contain malicious code, and Google has not taken any action against the reported Chrome extensions.

If you have installed any of the following extensions, then you should remove them as soon as possible:

As business has moved to greater use of mobile and non-Windows computers, cyber criminals have adapted their techniques to monetize their efforts. Due to the increase in the value of digital coins, cyber criminals have added them to their watchlist and are making every effort to steal your virtual money.

We have seen cyber criminals distribute Android apps on the Google Play store with hidden Coinkrypt malware, which can turn your mobile device into a cryptocurrency miner, and spread malware through home appliances in order to mine virtual currencies; now they have started modifying software extensions with malicious code to grab users' digital coins.

PROTECT YOUR WALLETS

Users are advised to choose a cryptocurrency exchange or wallet service that enables two-factor authentication for a high level of security for their virtual wallets, as two-factor authentication requires more than one device, which decreases the chances of malware modifying your transactions.